A novel network intrusion detection algorithm based on Fast Fourier Transformation

Liu, Weiyou; Liu, Xu; Di, Xiaoqiang; Qi, Hui

doi:10.1109/iciai.2019.8850770

Cited by 19 publications

(17 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Porém, o processo de construc ¸ão do grafo envolve um maior custo computacional dificultando o emprego destas propostas em detecc ¸ão de ataques em tempo real. Outra abordagem para representar um fluxo de rede é através de uma imagem que represente a diferenc ¸a entre os tráfegos malicioso e normal [Liu et al 2019]. Esta técnica também sofre com o alto custo computacional, mas tem sido usada com algum sucesso com as modernas técnicas de aprendizado profundo e com processamento paralelo de processadores gráficos (Graphical Processing Unit -GPU).…”

Section: Trabalhos Relacionadosunclassified

“…A extrac ¸ão de características do conjunto de dados é a etapa mais crítica da criac ¸ão de um algoritmo de aprendizado de máquina, pois as características afetam diretamente o ajuste dos parâmetros do modelo e o desempenho de classificac ¸ão. Entre os métodos para extrac ¸ão de características e representac ¸ão dos fluxos de rede existem os convencionais, que quantificam informac ¸ões dos pacotes, como número de bytes e quantidade de pacotes [Lobato et al 2017], ou representac ¸ões mais complexas através de grafos [Sanz et al 2018, Bian et al 2019] ou até por imagem [Liu et al 2019]. Entretanto, essas características não refletem a dependência temporal entre os pacotes, e nem comportamentos periódicos gerados pela automatizac ¸ão dos ataques.…”

Section: Introduc ¸ãOunclassified

See 1 more Smart Citation

Aprimorando a Detecção de Ataques Automáticos através de Decomposição Espectral de Pacotes de Rede

Souza

Camilo

Duarte

2021

Anais Do XXXIX Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2021)

View full text Add to dashboard Cite

A classiﬁcação de ﬂuxos para a identiﬁcação de ataques em redes de computadores por aprendizado de máquina utiliza características quantitativas que sintetizam as informações de pacotes pertencentes a um ﬂuxo. Entretanto, as características convencionais, como tamanho de pacote e número de bytes, geram redundâncias e não representam as correlações temporais entre os pacotes de um ﬂuxo. Ataques de rede automatizados geram padrões periódicos observáveis através da decomposição espectral, o que facilita a classiﬁcação. Este artigo propõe o FENED1, um método para extrair características de dados de rede considerando a ordem de chegada dos pacotes dentro de um mesmo ﬂuxo através da transformada rápida de Fourier para a classiﬁcação binária. O vetor de características proposto contém o módulo das componentes espectrais do ﬂuxo. Os resultados mostram que a proposta é melhor ou igual às propostas convencionais de extração de características que desconsideram a ordem de chegada dos pacotes em um ﬂuxo.

show abstract

Section: Trabalhos Relacionadosunclassified

Section: Introduc ¸ãOunclassified

Aprimorando a Detecção de Ataques Automáticos através de Decomposição Espectral de Pacotes de Rede

Souza

Camilo

Duarte

2021

Anais Do XXXIX Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2021)

View full text Add to dashboard Cite

show abstract

“…The authors in [16] claimed that CNN best performs on images while the network traffic datasets are in nonimage form. In order to efficiently use the potential CNNs for detecting the network intrusions, the authors proposed a methodology to convert the network traffic into a threedimensional (3D) image.…”

Section: Introductionmentioning

confidence: 99%

“…Although the potential of CNN models is being used for developing intrusion detection systems, these CNN models do not perform efficiently when trained on non-image dataset [16]. Hence, there is a need for developing such a mechanism that transforms the network traffic into a representable form on which CNN models perform efficiently.…”

Section: Introductionmentioning

confidence: 99%

IoT DoS and DDoS Attack Detection using ResNet

Hussain

Husnain

Fayyaz

et al. 2020

Preprint

View full text Add to dashboard Cite

The network attacks are increasing both in frequency and intensity with the rapid growth of internet of things (IoT) devices. Recently, denial of service (DoS) and distributed denial of service (DDoS) attacks are reported as the most frequent attacks in IoT networks. The traditional security solutions like firewalls, intrusion detection systems, etc., are unable to detect the complex DoS and DDoS attacks since most of them filter the normal and attack traffic based upon the static predefined rules. However, these solutions can become reliable and effective when integrated with artificial intelligence (AI) based techniques. During the last few years, deep learning models especially convolutional neural networks achieved high significance due to their outstanding performance in the image processing field. The potential of these convolutional neural network (CNN) models can be used to efficiently detect the complex DoS and DDoS by converting the network traffic dataset into images. Therefore, in this work, we proposed a methodology to convert the network traffic data into image form and trained a state-of-the-art CNN model, i.e., ResNet over the converted data. The proposed methodology accomplished 99.99\% accuracy for detecting the DoS and DDoS in case of binary classification. Furthermore, the proposed methodology achieved 87\% average precision for recognizing eleven types of DoS and DDoS attack patterns which is 9\% higher as compared to the state-of-the-art.

show abstract

“…For instance, the literature reports intrusion detection approaches based on machine learning criteria such as gradient boosting [14], adaptive boosting [15], and random forests [16]. Other proposals involve artificial neural networks [17], probabilistic criteria [18], or data transformation/representation [19][20][21], similarly to what is done, in terms of scenario and data balance, in closely related domains [22][23][24][25][26][27][28][29][30]. It should be noted that, besides sharing the same objectives, they also tackle analogous problems, such as the difficulty of classifying intrusion events that are very similar to normal ones in terms of characteristics or the difficulty to detect novel form of attacks (e.g., zero-days attacks [31]).…”

Section: Introductionmentioning

confidence: 99%

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

et al. 2020

View full text Add to dashboard Cite

The dramatic increase in devices and services that has characterized modern societies in recent decades, boosted by the exponential growth of ever faster network connections and the predominant use of wireless connection technologies, has materialized a very crucial challenge in terms of security. The anomaly-based intrusion detection systems, which for a long time have represented some of the most efficient solutions to detect intrusion attempts on a network, have to face this new and more complicated scenario. Well-known problems, such as the difficulty of distinguishing legitimate activities from illegitimate ones due to their similar characteristics and their high degree of heterogeneity, today have become even more complex, considering the increase in the network activity. After providing an extensive overview of the scenario under consideration, this work proposes a Local Feature Engineering (LFE) strategy aimed to face such problems through the adoption of a data preprocessing strategy that reduces the number of possible network event patterns, increasing at the same time their characterization. Unlike the canonical feature engineering approaches, which take into account the entire dataset, it operates locally in the feature space of each single event. The experiments conducted on real-world data showed that this strategy, which is based on the introduction of new features and the discretization of their values, improves the performance of the canonical state-of-the-art solutions.

show abstract

A novel network intrusion detection algorithm based on Fast Fourier Transformation

Cited by 19 publications

References 13 publications

Aprimorando a Detecção de Ataques Automáticos através de Decomposição Espectral de Pacotes de Rede

Aprimorando a Detecção de Ataques Automáticos através de Decomposição Espectral de Pacotes de Rede

IoT DoS and DDoS Attack Detection using ResNet

A Local Feature Engineering Strategy to Improve Network Anomaly Detection

Contact Info

Product

Resources

About